refactor of caddy script

- put commandline option back in
- supports instance folder in conf/
-  supports _shared conf folder
-- supports instance script
moved instance specific conf to branches
moved things around and updated .gitignore in support of refactored script
giskard
Kebler Network System Administrator 2021-10-10 12:36:03 -07:00
parent ab4684c28f
commit 6567658636
9 changed files with 49 additions and 11 deletions

9
.gitignore vendored

@ -1,10 +1,11 @@
!*.secret !*.secret
!build/builds.txt !build/builds.txt
!build/plugins.txt !build/plugins.txt
!conf/example.conf !conf/_shared/example/caddy.conf
!conf/example/
.gitsecret/keys/random_seed .gitsecret/keys/random_seed
env/
conf/
user/ user/
build/ build/
/archive/ caddy.conf
*credentials
temp/
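Review bot: The re-include `!conf/_shared/example/caddy.conf` sits above the new bare `caddy.conf` pattern, and in a .gitignore the last matching pattern wins, so the example config appears to end up ignored anyway; the `!` lines need to come after the patterns they are meant to override. The directory-wide `env/` and `conf/` entries look to have been dropped (the page does not mark which side the unpaired lines belong to), which would leave only `caddy.conf` and `*credentials` keeping instance data out of the index. In that case the `profiles` file that `aws.env` points at, or a credentials file saved with an extension, would be staged by a plain `git add`. Consider adding explicit patterns for those files below the existing ones and confirming the result with `git check-ignore -v <path>`.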


@ -1 +1,2 @@
linux arm64 linux arm64
linux amd64

4
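--- a/conf/_shared/aws/aws.env
+++ b/conf/_shared/aws/aws.env
@@ -0,0 +1,4 @@
+echo setting AWS environment
+export AWS_CONFIG_FILE=$CONF_SHARED_DIR/aws/profiles
+export AWS_SHARED_CREDENTIALS_FILE=$CONF_SHARED_DIR/aws/credentials
+env | grep AWS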
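Review bot: `env | grep AWS` prints every AWS-prefixed variable, so if `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY` or a session token are ever present in the environment they go to the terminal or, when the launcher runs under systemd, into the journal. Print only the two paths this file sets, e.g. `printf 'AWS_CONFIG_FILE=%s\n' "$AWS_CONFIG_FILE"`. Both exports also expand `$CONF_SHARED_DIR` unquoted and unguarded, so an unset value silently points the SDK at `/aws/credentials`; `export AWS_SHARED_CREDENTIALS_FILE="${CONF_SHARED_DIR:?}/aws/credentials"` fails fast instead. The same applies to the `source ${CONF_SHARED_DIR}/aws/aws.env` line in `conf/example/script`.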


@ -0,0 +1,7 @@
[profle1]
aws_access_key_id = AKIASOMEKEY
aws_secret_access_key = 9VAWosLSOMESECRET
[profile2]
aws_access_key_id =
aws_secret_access_key =
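Review bot: The first section header is spelled `[profle1]` while the second is `[profile2]`, so anyone copying this template gets a profile name that does not match the one they expect to reference; it should read `[profile1]`. The first profile also carries key-shaped filler (`AKIASOMEKEY`, `9VAWosLSOMESECRET`) whereas the second is left empty; leaving both empty, or using an unmistakable marker such as `<your-access-key-id>`, keeps secret scanners quiet and makes the template harder to mistake for a live file. The file's path is not shown on the page, so it is worth confirming that it is not the `credentials` path exported by `aws.env` and that real values only ever go into a file matched by `*credentials` in .gitignore.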


@ -0,0 +1,2 @@
# AWS Route 53 DNS Challenge Plugin
### Using AWS Route53 Plugin with Caddy to authenticate subdomains for use with caddy/letsencrypt

4
conf/example/script Normal file

@ -0,0 +1,4 @@
#!/bin/bash
echo running custom script for $INSTANCE
source ${CONF_SHARED_DIR}/aws/aws.env

BIN
env/AWS.env.secret vendored

Binary file not shown.


@ -1,16 +1,35 @@
#!/bin/bash #!/bin/bash
SDIR=$(dirname "$(readlink -f "$0")") || exit SDIR=$(dirname "$(readlink -f "$0")") || exit
DIR=$(dirname "$SDIR") || exit DIR=$(dirname "$SDIR") || exit
echo Caddy Reposity Root: $DIR INSTANCE=${1:-default}
source $SDIR/library source $SDIR/library
CONF=$DIR/conf/${1:-caddy}.conf echo $SDIR
CMD=${2:-run}
get-caddy-bin # this sets $CADDY_BIN get-caddy-bin # this sets $CADDY_BIN
CONF_DIR=$DIR/conf/$INSTANCE
CONF_SHARED_DIR=$DIR/conf/_shared
CONF=$CONF_DIR/caddy.conf
SCRIPT=$CONF_DIR/script
BIN=$DIR/bin/$CADDY_BIN BIN=$DIR/bin/$CADDY_BIN
echo running caddy $BIN
[ ! -f "$BIN" ] && echo binary file $BIN does not exist && exit 1 [ ! -f "$BIN" ] && echo binary file $BIN does not exist && exit 1
[ ! -x "$BIN" ] && echo binary file $BIN is not executable && exit 1 [ ! -x "$BIN" ] && echo binary file $BIN is not executable && exit 1
[ ! -f "$CONF" ] && echo no configuration file $CONF && exit 1 [ ! -f "$CONF" ] && echo no configuration file $CONF && exit 1
# source any need environment files in $DIR/env if [ -f "$SCRIPT" ]; then
for f in $DIR/env/*.env; do source $f; done source $SCRIPT
echo Running caddy binary $BIN with configuration $CONF and command $CMD as user $USER fi
$BIN $CMD --config $CONF --adapter caddyfile if [ ! $INVOCATION_ID ]; then
CAP="cap_net_bind_service+eip"
ISSET=$(getcap $BIN | grep $CAP )
if [ ! "$ISSET" ]; then
echo binary $BIN not set for binding port 80 by non-root users, attempting to set
sudo setcap $CAP $BIN
ISSET=$(getcap $BIN | grep $CAP)
echo after $ISSET
[ ! "$ISSET" ] && echo unable to set port binding && exit 1
fi
echo running caddy from commandline, enter caddy user password
su -c "$BIN run --config $CONF --adapter caddyfile" caddy
else
echo running caddy via systemd service
$BIN run --config $CONF --adapter caddyfile
fi
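Review bot: `INSTANCE=${1:-default}` is used unchecked to build `CONF_DIR`, so a value containing `/` or `..` selects a directory outside `conf/`, and whatever `script` file sits there is then sourced in the launcher's shell before the drop to the `caddy` user. The same value is expanded inside the `su -c "..."` string, where spaces or shell metacharacters in the path would be re-parsed by the target shell. Restrict the name right after the assignment, for example `[[ $INSTANCE =~ ^[A-Za-z0-9_-]+$ ]] || { echo "invalid instance name" >&2; exit 1; }`, and quote the later expansions (`source "$SCRIPT"`, `getcap "$BIN"`, `sudo setcap "$CAP" "$BIN"`). Because the instance script runs with the launcher's privileges, a short comment above `source $SCRIPT` saying that files under `conf/<instance>/` must be writable only by trusted admins would also help. The file's header line is not visible on the page, so this applies to the launcher script as shown in this section.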